The unanimous decision was handed down Wednesday in the case Digital Realty Trust Inc. v. Somers. The ruling makes it clear antiretaliation protections for whistleblowers under the 2010 Dodd-Frank Act only cover people who report allegations of wrongdoing to the Securities and Exchange Commission. SEC rules enforcing Dodd-Frank protected in-house whistleblowers as well.

“I think for businesses, for companies, it’s a matter of ‘be careful what you wish for,’” said Thomas A. Zaccaro, vice chairman of the white-collar and investigations group at law firm Paul Hastings LLP and a former chief trial attorney at the SEC’s Los Angeles office.

“I think the consequence of the decision is whistleblowers are now made more likely to report to the SEC, and I think most companies would prefer that employees would report internally,” he said.

The SEC declined to comment.

Self-reporting concerns

People who report wrongdoing only via the chain of command at their company are still eligible for protection under the Sarbanes-Oxley Act, but their claims must be filed within 180 days of alleged retaliation against a whistleblower. The statute of limitations lasts for six years under Dodd-Frank and provisions on reimbursement for lost pay are more generous than those under Sarbanes-Oxley.

As a result, lawyers say it makes sense for people to report allegations of wrongdoing to the SEC, rather than in-house or to both concurrently. That, said Mr. Zaccaro, could put companies at a disadvantage in dealing with the agency.

He said the SEC’s policy is to treat companies that have violated securities laws more leniently if the agency learns about the wrongdoing from the firm. A whistleblower’s report to the SEC would derail that, said Mr. Zaccaro, by depriving a company of the opportunity to self-report.

If a company doesn’t get credit for cooperating, it could face SEC charges it might otherwise have avoided, he said.

Companies boxed in

Corporate America “has now litigated itself into a box,” said Sean McKessy, who served as the first chief of the SEC’s Whistleblower Office when it opened in 2011.

“I do expect that our business is going to pick up because of the way the Supreme Court decision came down,” said Mr. McKessy, who now works for the whistleblower law firm Phillips & Cohen LLP.

The U.S. Chamber of Commerce supported Digital Realty with a friend-of the-court brief, arguing that reporting to the SEC is required to qualify for whistleblower status under Dodd-Frank.

A representative of the business group declined to comment, but Eugene Scalia, a partner at Gibson Dunn & Crutcher LLP who has represented the Chamber in other Dodd Frank-related whistleblower cases, welcomed the court’s decision.

“What we have is now the regime that Congress enacted, as interpreted by a unanimous Supreme Court,” he said. “People who would like to have it otherwise can take it up with Congress.”

Companies want to do whatever they can to spot problems internally, said Gregory Keating, who heads the whistleblower defense practice at Choate Hall & Stewart LLP. They now may increasingly have to tackle problems while simultaneously dealing with SEC investigations, he said.

“What employers want is, ‘come to us and let us nip the problem in the bud,’” said Mr. Keating.

Time to review

The Supreme Court decision gives companies a reason to review how they handle complaints in-house, said Vicky Dal Molin, general manager for the Americas at Red Flag Group, a professional-services firm that helps companies manage risks in compliance, procurement and sales.

Companies may want to offer bonuses or other recognition to staff who flag problems, and to make sure their complaint processes operate efficiently, as this could generate trust among staff and encourage them to report problems via internal channels, she said.

Those already with good processes in place have little reason for concern, said Patricia Harned, chief executive officer of the Ethics & Compliance Initiative, a group that conducts research and helps organizations develop compliance programs.

Potential whistleblowers tend not to think about their legal rights until they consider turning to the government, she said, noting ECI research shows the vast majority of people who report wrongdoing do so within their firm.

“The odds are good that if you have an [external] whistleblower it’s because your company either failed to respond or didn’t respond properly” to an internal report, said Ms. Harned.

Mr. Scalia said he believed that many people who sought to use the Dodd-Frank protections were individuals who had missed the deadline to file under Sarbanes-Oxley, rather than claimants carefully planning their legal tactics.

As a result, Mr. Scalia said, the change in protections available is unlikely to alter their behavior. Financial incentives available to whistleblowers who report to the SEC remain unchanged, he said.

Write to Henry Cutter at Henry.Cutter@wsj.com. Follow him on Twitter at @henry_cutter.

Content from our sponsorDeloitteRisk management, strategy and analysis from Deloitte

CFOs of federal agencies can help drive cybersecurity maturity by taking a broad, risk-based approach to cybersecurity and the investments made to support it, according to Deborah Golden, leader of Deloitte’s Advisory Federal Cyber Risk Services practice, and Emily Mossburg, leader of the Secure practice in Cyber Risk Services, both of Deloitte & Touche LLP. They discuss how federal CFOs can increase their involvement in cybersecurity spending decisions, working with IT to focus on the impacts of potential cyberattacks on their agencies’ business operations and mission, and how to protect against or mitigate those impacts.

Please note: The Wall Street Journal News Department was not involved in the creation of the content above.More from Deloitte →